I have to say, Chris, that you're doing a damn good job of making the case for the restrictive policies to stay in place.
that is what IT is *for*. fixing the stupid things that people do with computers, software and networks is your function.
While true, that is a reactive response to the job responsibilities. Far better to be proactive and have the policies in place that limit the opportunities for people to do stupid things.
Or would you disagree with the axiom "An ounce of prevention is worth a pound of cure"?
and dealing with spyware and viruses is part of what the job entails.
Agreed. Which is why the controls are put in place. I'd rather deal with them before they propagate on the network by limiting the opportunities to get on in the first place.
no it's not. the behavior of the user will not change, ever. when it comes to you vs. your users, you are outgunned and outnumbered and that will never change.
Not entirely true, but close enough. So again, since you have established that the users are the problem, why is it that the controls and restrictions should be relaxed?
if people cleaned up after themselves there wouldn't be janitors in this world. if you don't like cleaning up messes, then you shouldn't work as a janitor. IT is the same way
Again - you seem to be advocating a reactive approach (Clean up the mess). I (and countless other IT Professionals) would rather take the step to prevent the mess in the first place. And sometimes, that means the user doesn't get to do whatever they want.
So thank you, sir, for helping to show that the premise of the article is still a bunch of hooey.
After all, if the primary responsibility is to ensure that the user base has the resources to do their job, we have to make sure that the same user base cannot engage in activities that may deny those resources to the other users.
Have a great day!

Not 5 minutes ago, I was getting a cup of coffee and overheard two people complaining because they had to remember a 12 character password.

These are the sort of people who you want to give unrestricted access to. The same people who, in their own words, *don't care*.

Someone has to care about security. Someone has to care that crapware, viruses, and similar crap doesn't get put on the network.

Oh, and let's not forget licensing! Regardless of how anyone feels about it, the way things are, if we're not controlling what gets put on the computers, I guaran-damn-tee we'll get hit with software licensing violations.

No. Sorry. As long as the user base remains WILLFULLY ignorant and self-interested, the controls and lockdowns need to stay in place. They prove the need for this on a DAILY basis.